Here is the current (under construction) schedule for the tracks
By Tracks
| Monday | Tuesday | Wednesday | Thursday | Friday | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
|
By Sessions
Chaos Engineering
| when day | Mon |
|---|---|
| description | Sessions focusing on Chaos Engineering |
| organizers | Russ Miles Russ Miles |
Total sessions for this track: 8
| Monday | Tuesday | Wednesday | Thursday | Friday | ||||
|---|---|---|---|---|---|---|---|---|
|
| |||||||
|
| |||||||
|
| |||||||
|
|
Sessions not mapped to an day and time
- Creating a Steady-State Hypothesis
- Customising the Chaos Toolkit
- Hands on Chaos Experiments
- Real world Chaos Engineering
(back to all track's schedule)
CISO
| when day | Tue,Thu |
|---|---|
| description | Working Sessions on topics related for CISOs and C-Level execs. |
| organizers | Tony Richards Tony Richards |
Total sessions for this track: 16
| Monday | Tuesday | Wednesday | Thursday | Friday | |||||
|---|---|---|---|---|---|---|---|---|---|
|
|
| |||||||
|
|
| |||||||
|
| ||||||||
|
|
Sessions not mapped to an day and time
- CISO Ask Me Anything (AMA)
- Cyber Insurance
- Cyber Risk Modeling
- GDPR Ask Me Anything GDPR
- Integrating Security into an Spotify Model
- OWASP Collective Defence Cluster (CDC)
- Recruiting AppSec Talent
- Vulnerability Intelligence Working Group
- Want to become a CISO?
- Want to become a CISO?
(back to all track's schedule)
DevSecOps
| when day | Tue Wed Thu |
|---|---|
| description | Sessions focusing on the DevSecOps tools and techniques to embed security as part of CI/CD pipelines |
| organizers | Imran Mohammed A Imran Mohammed A , Francois Raynaud Francois Raynaud |
Total sessions for this track: 57
| Monday | Tuesday | Wednesday | Thursday | Friday | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
| ||||||||||||
|
| |||||||||||||||
|
|
|
|
|
| |||||||||||
|
|
|
| |||||||||||||
|
|
|
| |||||||||||||
|
| |||||||||||||||
|
|
|
| |||||||||||||
|
|
|
Sessions not mapped to an day and time
- Adding security to VSTS pipeline
- Agile Practices for Security Teams
- AppSec SOC Monitoring Visualisation
- Cloud brokerage - authentication and authorisation
- Create a Slack bot in Python
- Creating Appsec metrics and visualisation
- Defining a Security Champion
- Defining a Security Champion
- Dependency management using Snyk
- DevSecOps Maturity Model (DSOMM)
- From Threat Modeling to DevSecOps metrics
- Integrating Security into an Spotify Model (and using Squads for Security teams)
- Integrating Security Tools in the SDL using OWASP DevSecOps Studio
- Owasp Cloud Security Workshop (BETA)
- OWASP Defect Dojo
- OWASP DevSecOps Studio
- Publishing apps in a VSTS security pipeline
- Securing GitHub Integrations
- Securing GitHub Integrations
- Securing the CI Pipeline
- Security Crowdsourcing
- Using activity-oriented metrics for Security
- Using The Hive for Incident Response
- Web Application Honeypot
- WebAuthn - Getting started workshop
- Writing security tests to confirm vulnerabilities and fixes
(back to all track's schedule)
GDPR
| when day | Mon,Tue,Wed,Thu |
|---|---|
| description | From GDPR Appropriate Security Controls to Real world GDPR practices, this is where the real GDPR security experts will be |
| organizers | Tony Richards Tony Richards , Dinis Cruz Dinis Cruz |
Total sessions for this track: 26
| Monday | Tuesday | Wednesday | Thursday | Friday | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
| |||||||||||
|
|
| ||||||||||||
|
|
| ||||||||||||
|
|
|
| |||||||||||
|
|
Sessions not mapped to an day and time
- Creating a standard for GDPR patterns
- DPO how to become one
- DPO what to expect
- European GDPR variations
- Gamification of GDPR compliance
- GDPR Appropriate Security Controls
- GDPR Compliance what does it mean?
- Hands-on GDPR Patterns
- Meet the ICO
- Policies for the security industry
- Policies for the security industry
- Using graphs for GDPR mappings and visualisations
- Using Threat Models for GDPR
(back to all track's schedule)
Keynotes
| when day | Mon,Thu |
|---|---|
| description | Keynote track featuring talks by security experts |
| organizers |
Total sessions for this track: 15
| Monday | Tuesday | Wednesday | Thursday | Friday | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
| ||||||||
|
|
|
|
|
|
Sessions not mapped to an day and time
- A seat at the table
- Adding Privacy by Design in Secure Application Development
- Crossing the river by feeling the stones
- Gamifying Security Dashboards
- Summit Wrap Up
- Thinking in Graphs
(back to all track's schedule)
Maps and Graphs
| when day | Thu |
|---|---|
| description | Working Sessions for CISOs |
| organizers | Dinis Cruz Dinis Cruz |
Total sessions for this track: 21
| Monday | Tuesday | Wednesday | Thursday | Friday | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
| |||||||
|
|
| |||||||||
|
|
| |||||||||
|
|
|
|
Sessions not mapped to an day and time
- Cell based Structures for Security
- Create Wardley Maps for Multiple Security Scenarios
- Creating ELK Dashboards
- SOC Value Chain using Wardley maps
- Using JIRA-NeoVis to create graphical representations of JIRA data
- Using maps to define how to capture, detect and prevent 6 real-world security incidents
- Using Neo4J to filter and review SAST findings
- Using Neo4J to filter and review SAST findings
- Using User Story Mapping for effective communication
- Wardley Mapping – a practical session on how to use value chain mapping
(back to all track's schedule)
Misc
| when day | |
|---|---|
| description | Misc Sessions on multiple topics |
| organizers |
Total sessions for this track: 48
| Monday | Tuesday | Wednesday | Thursday | Friday | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
| |||||||||||
|
|
|
|
| |||||||||||
|
|
| |||||||||||||
|
| ||||||||||||||
|
|
| |||||||||||||
|
|
|
Sessions not mapped to an day and time
- Ask me anything (AMA) - Meet the Experts
- Automation of MASVS with BDD
- Cloud brokerage - authentication and authorisation
- Creating Open Source Avatao exercises
- Getting more women in Cyber-security
- Group Discussion on Learning from Digital Incidents
- Hands-on JIRA Schema refactoring
- Hands-on JIRA Schema refactoring (DS)
- Jira (how to use it)
- JIRA - how to use it
- JIRA Risk Workflow
- Juice Shop Brainstorming
- Juice Shop Coding Day
- Lessons learned from public bug bounties programmes
- MSc Application Security
- Project Management
- Running CTF Games with OWASP Juice Shop
- Security Ethics Checklist
- Security Playbooks
- Squad Modelling and Cross Functional Teams
- Update MSTG with changes in Android 8 (Oreo)
- Update MSTG with changes in iOS 11
- Using AI and ML for incident response
- Using Jira to handle Incident Response - simulations
- Using Neo4J to filter and review SAST findings
- Women in Cyber-security: improving the gender balance
- Writing a Security Budget
(back to all track's schedule)
Owasp Projects
| when day | Tue Wed Thu |
|---|---|
| description | Sessions based around multiple Owasp Projects |
| organizers |
Total sessions for this track: 13
| Monday | Tuesday | Wednesday | Thursday | Friday | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
| |||||||
|
|
|
| ||||||||
|
|
| |||||||||
|
|
| |||||||||
|
|
|
OWASP SAMM
| when day | Mon,Tue,Wed,Thu |
|---|---|
| description | SAMM team working together in a 5-day sprint on SAMMv2 |
| organizers | Sebastien Deleersnyder Sebastien Deleersnyder , Bart De Win Bart De Win |
Total sessions for this track: 34
| Monday | Tuesday | Wednesday | Thursday | Friday | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
| ||||||||
|
|
|
|
| |||||||
|
|
|
|
| |||||||
|
|
|
| ||||||||
|
|
Sessions not mapped to an day and time
- Creating an open 3rd Party Supplier Questionnaire and maturity model
- DevSecOps Maturity Model (DSOMM)
- Implementing the OWASP responsible disclosure Maturity Model
- SAMM - Best Practices
- SAMM benchmarking
- SAMM DevSecOps Version
- SAMM Introduction
- SAMM Roundtable
- SAMM Summit Outcomes
- SAMM2 Kickoff
- SAMM2 Kickoff
- SAMMv2 Establish the Document Model
- SAMMv2 Measurement Model
- SAMMv2 working session - Design
- SAMMv2 working session - Governance
- SAMMv2 working session - Implementation
- SAMMv2 working session - Operations
- SAMMv2 working session - Verification
- Using the OWASP Maturity Model tool
(back to all track's schedule)
Security Questions
| when day | Mon,Tue,Wed,Thu,Fri |
|---|---|
| description | Track focused on creating Security Questions and Answers (with daily quizzes planned for the evening sessions) |
| organizers | John Fitzgerald John Fitzgerald , Rachel Power Rachel Power |
Total sessions for this track: 50
| Monday | Tuesday | Wednesday | Thursday | Friday | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
| ||||||||
|
|
| ||||||||||
|
| |||||||||||
|
|
|
| |||||||||
|
|
|
|
| ||||||||
|
|
|
|
|
| |||||||
|
|
|
|
|
Sessions not mapped to an day and time
- Consolidate and process all Security Quiz data
- Create .Net Security Questions
- Create AWS Security Questions
- Create Docker Security Questions
- Create Java Security Questions
- Create NodeJS Security Questions
- Create Owasp AWS Security Questions
- Create Owasp Top 10 Security Questions
- Create Perl Security Questions
- Create PHP Security Questions
- Create Security Economics Quiz
- Create Security Ethics Checklist Questions
- Creating Security Questions
- Prepare friday Quiz session
- Present Security Quiz Data
- Review quiz answers from Mon
- Review quiz answers from Thu
- Review quiz answers from Tue
- Review quiz answers from Wed
- Security Questions team briefing
- Security Questions workshop
- Security Quiz Night (Mon)
- Security Quiz Night (Thu)
- Security Quiz Night (Tue)
- Security Quiz Night (Wed)
- Transform OWASP Exam into Security Questions
- Transform OWASP Exam into Security Questions
(back to all track's schedule)
Threat Model
| when day | Mon,Tue,Wed,Thu,Fri |
|---|---|
| description | With Working Sessions such as Attack chains as TM technique and Threat Model cheat sheets |
| organizers | Steven Wierckx Steven Wierckx |
Total sessions for this track: 53
| Monday | Tuesday | Wednesday | Thursday | Friday | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
| ||||||||
|
|
|
|
|
| |||||||
|
|
|
|
| ||||||||
|
|
|
|
|
| |||||||
|
|
|
|
| ||||||||
|
|
Sessions not mapped to an day and time
- API Threat Modeling Cheat Sheet
- Attack chains as TM technique
- Back to the future with Threat Modeling
- Convert the templates from GE-Health to risk patterns
- Create generic TM for CMS
- Creating diagrams with DOT language
- Define an Open Risk Pattern format
- Describe different ways of implementing TM in agile organisations
- Docker and Kubernetes Threat Modeling Cheat Sheet
- Federated Login with Social Platforms Threat Modeling Cheat Sheet
- How do you define and measure the value of Threat Modeling?
- How do you define and measure the value of Threat Modeling?
- How to Scale Threat Modeling.
- How to Threat Model Features with Questionnaires
- IoT Threat Modeling Cheat Sheet
- Methodology / technique showcase
- Methodology / technique showcase
- SABSA and threat modeling
- SABSA and threat modeling
- Share your Threat Models diagrams and create a Book
- Threat model cheat sheets
- Threat model closing session
- Threat model guide
- Threat model track opening session
- Threat Model training through Gamification
- Threat Modeling Website Structure
- Update Threat Modeling pages on owasp web site
- Update Threat Modeling website 1
(back to all track's schedule)